Detecting Cloned Payment Cards

ABSTRACT

Aspects of the disclosure relate to a payment device to detect real-time suspicious payment cards. Prior to a transaction, a payment device detects suspicious payment cards based on captured images of the payment card. An alert may be generated upon detection of any suspicious or fraudulent payment card. In some arrangements, the payment device may utilize machine learning models or machine learning capabilities to detect suspicious payment cards. A characterization score may be generated and used to determine if a payment card is suspicious. The characterization scores may be updated based on different card issuer criteria and transaction use of each payment card.

BACKGROUND

Aspects of the disclosure relate to electrical computers, systems, anddevices for detecting suspicious payment cards. Card reader devices maybe found installed on gas pumps, vending machines, point-of-saleterminals, and even automatic teller machines (ATMs).

A frequent area of payment card fraud involves the use of clonedcredit/debit payment cards, wherein a valid payment card number (andother data) is re-programmed into the magnetic stripe of another paymentcard. The other payment card may be a “blank” which is typically a whiteplastic payment card with no writing/images/graphics or it may be avalid payment card produced by a legitimate card issuer and simplyre-programmed for fraudulent purposes. Once reprogrammed, a perpetratormay then use the cloned payment card to cash out available funds at anATM or spend the funds using a point-of-sale terminal.

Current technologies do not attempt to examine the physical payment cardin order to detect when a cloned payment card is being used so thatfraudulent transactions may be blocked. Instead, fraud strategiesusually rely on other payment attributes, like location, transactionamount, and merchant details. If something like a blank white card isused instead of a properly issued card there is nothing to determine itsauthenticity and block the transaction, or otherwise produce a suitablealert based on detection of a fraudulent payment card. There is a needto develop capability to detect suspicious payment cards at ATMs orpoint of sale interactions.

SUMMARY

In light of the foregoing background, the following presents asimplified summary of the present disclosure in order to provide a basicunderstanding of various aspects of the disclosure. The summary is notlimiting with respect to the exemplary aspects of the disclosuredescribed herein and is not an extensive overview of the disclosure. Itis not intended to identify key or critical elements of or steps in thedisclosure or to delineate the scope of the disclosure. Instead, aswould be understood by a person of ordinary skill in the art, thefollowing summary merely presents some concepts of the disclosure insimplified form as a prelude to the more detailed description providedbelow. Moreover, sufficient written descriptions of the embodiments ofthis application are disclosed in the specification throughout thisapplication along with exemplary, non-exhaustive, and non-limitingmanners and processes of making and using the inventions, in such full,clear, and concise, and exact terms in order to enable skilled artisansto make and use the inventions without undue experimentation and setsforth the best mode contemplated by the inventor for carrying out theinventions.

Aspects of this disclosure address one or more shortcomings in theindustry by providing a payment device to detect real-time suspicioustransactions using cloned payment cards. In some embodiments, thepayment device includes on board circuitry and architecture to detect onthe edge any proximate suspicious payment cards prior to initiating anytransactions. In some arrangements, the payment device may utilizemachine learning models or machine learning capabilities to detectsuspicious payment cards or readers.

In accordance with one or more embodiments, a payment device may captureimages of a payment card in contact with a payment device. The capturedimages may be analyzed to determine a suspicious payment card. An alertmay be generated upon detection of any suspicious or fraudulent paymentcard.

In some embodiments, a characterization score may be generated and usedto determine if a payment card is suspicious. The generated scores maybe transmitted and shared by card issuers or financial institutions toprevent fraud. In a further embodiment, the generated scores may beupdated based on new interactions with the payment card over time.

In an aspect of the disclosure, a computing environment may include oneor more data centers and one or more computing devices, includingcomputing devices located at or within such data centers and computingdevices not located at or within such data centers. For example, acomputing environment may include a first data center. The data centermay include a card issuer computing platform. The computing environmentmay also include a user device, a point-of-sale terminal, and/or an ATM.

In some arrangements, a data center may be a distinct and physicallyseparate data center operated by and/or otherwise associated with anorganization, such as a financial institution. In addition, the datacenter may house a plurality of server computers and various othercomputers, network components, and devices.

These features, along with many others, are discussed in greater detailbelow.

BRIEF DESCRIPTION OF THE DRAWINGS

The present disclosure is illustrated by way of example and not limitedin the accompanying figures in which like reference numerals indicatesimilar elements and in which:

FIG. 1 illustrates a computing environment for detecting a suspiciouscard reader or fraudulent device in accordance with one or more aspectsdescribed herein;

FIG. 2 illustrates a smart card in accordance with one or more aspectsdescribed herein;

FIG. 3 illustrates exemplary payment card backgrounds that may becaptured by image sensors in accordance with one or more aspectsdescribed herein;

FIG. 4 illustrates generation and operation of a fraud incident databaseaccording to one or more aspects described herein; and

FIG. 5 depicts an illustrative block diagram for detecting a suspiciouspayment card in accordance with one or more aspects described herein.

DETAILED DESCRIPTION

In the following description of various illustrative embodiments,reference is made to the accompanying drawings, which form a parthereof, and in which is shown, by way of illustration, variousembodiments in which aspects of the disclosure may be practiced. It isto be understood that other embodiments may be utilized, and structuraland functional modifications may be made, without departing from thescope of the present disclosure.

It is noted that various connections between elements are discussed inthe following description. It is also noted that these connections aregeneral and, unless specified otherwise, may be direct or indirect,wired or wireless, and that the specification is not intended to belimiting.

FIG. 1 depicts an illustrative computing environment 100 for using apayment card 102 with various embodiments of the disclosure. In anembodiment, payment card 102 may include a smart contactless paymentcard. Computing environment 100 may include one or more data centers andone or more computing devices, including computing devices located at orwithin such data centers and computing devices not located at or withinsuch data centers. For example, computing environment 100 may include afirst data center 104. Data center 104 may include a card alertcomputing platform 106. Computing environment 100 also may include auser device 108, a point-of-sale terminal 110, and/or an automatedteller machine 112.

Data center 104 may be a distinct and physically separate data centeroperated by and/or otherwise associated with an organization, such as afinancial institution. In addition, data center 104 may house aplurality of server computers and various other computers, networkcomponents, and devices.

In an aspect of the disclosure, a card alert computing platform 106 maybe configured to provide one or more portal interfaces to one or moreclient devices and/or may be configured to authenticate and/or monitorone or more payment cards and associated acceptance devices such aspoint-of-sale terminals, and/or automated teller machines.

In another aspect of the disclosure, card alert computing platform 106may be configured to authenticate payment cards that transact with cardreaders. In some instances, a snapshot or digital images taken of apayment card 102 upon insertion into a card reader may be analyzed bycard alert computing platform 106 for suspicious or fraudulent activity.

In some arrangements, data center 104 may include one or more clientaccount servers, which may be configured to store and/or maintaininformation associated with one or more client accounts. For example,the client account server(s) may be configured to store and/or maintaininformation associated with one or more financial accounts associatedwith one or more customers of a financial institution, such as accountbalance information, transaction history information, and/or the like.In an embodiment, client account server(s) may store informationregarding the background type and branding of customers issued paymentcards. This information may also include digital images of a customersissued payment cards to be used for authentication purposes in real-timefinancial transactions.

Additionally or alternatively, client account server(s) may includeand/or integrate with one or more client support servers and/or devices,such as one or more customer service representative devices used by oneor more customer service representatives of an organization (which may,e.g., be a financial institution operating data center 106), to connectone or more customers of the organization with one or more customerservice representatives of the organization via one or more telephonesupport sessions, chat support sessions, and/or other client supportsessions. In an embodiment, the client support servers may maintain ahistory of transaction with various card readers for analysis. Theanalysis may include using machine-learning algorithms to look forsuspicious activities associated with a particular reader or device. Forinstance, machine learning algorithms may recognize that a number ofdetected fraudulent payment cards are being used at a particular cardreader. Such transaction may be halted and flagged for financialinstitution action.

In one or more arrangements, a user device 108 may be any type ofcomputing device capable of receiving a user interface, receiving inputvia the user interface, and communicating the received input to one ormore other computing devices. For example, a user device may, in someinstances, be and/or include server computers, desktop computers, laptopcomputers, tablet computers, smart phones, or the like that may includeone or more processors, memories, communication interfaces, storagedevices, and/or other components. As noted above, and as illustrated indetail below, a user device may, in some instances, be one or morespecial-purpose computing devices configured to perform specificfunctions. In an embodiment, user device 108 may receive alerts orcommunications from card alert computing platform 106 regarding currentor past transactions.

In an embodiment, user device 108 may communicate with card alertcomputing platform 106 to provide a user with information related tocurrent or previous transactions. In some instances, in addition tobeing configured to provide uses with transactional information, cardalert computing platform 106 also may be configured to provide a mobilebanking portal associated with the financial institution to variouscustomers of the financial institution and/or their associated mobilecomputing devices. Such portals may, for instance, provide customers ofthe financial institution with access to financial account information(e.g., account balance information, purchase transactions, accountstatements, recent transaction history information, or the like) and/ormay provide customers of the financial institution with menus, controls,and/or other options to schedule and/or execute various transactions(e.g., online bill pay transactions, person-to-person funds transfertransactions, or the like). A card alert computing platform 106 may beconfigured to provide one or more interfaces that allow forconfiguration and management of one or more cards, computing devices,and/or computer systems included in the computing environment.

In an embodiment, a computing environment also may include one or morecomputing platforms. For example, a computing environment may include acard alert computing platform 106. As illustrated in greater detailbelow, a card alert computing platform 106 may include one or morecomputing devices configured to perform one or more of the functionsdescribed herein. For example, a card alert computing platform 106 mayinclude one or more computers (e.g., laptop computers, desktopcomputers, servers, server blades, or the like). The computingenvironment also may include one or more networks 114, which mayinterconnect one or more of card alert computing platforms, a userdevice 108, a point-of-sale terminal 110, and/or an automated tellermachine 112. For example, a computing environment may include a network114, which may include one or more public networks, one or more privatenetworks, and/or one or more sub-networks (e.g., local area networks(LANs), wide area networks (WANs), or the like).

The computing environment also may include one or more card interfacedevices, such as point-of-sale terminal 110 and/or ATM 112. Apoint-of-sale terminal 110 and/or an ATM 112 may include a card-readinginterface, such as an EMV chip interface, an image capture device, amagnetic stripe reader, and/or a contactless reader (e.g., near-fieldcommunication (NFC), radio-frequency identification (RFID)). The one ormore card interface devices, such as point-of-sale terminal 110 and/orautomated teller machine 112, are connected to a power source. The oneor more card interface devices, such as a point-of-sale terminal 110and/or ATM 112, may be configured to send information to and receiveinformation from the card alert computing platform 106. This mayinclude, for example, card authentication information, image capturedata, purchase information, and/or card update information (e.g.,updated card number, expiration date, name, offers, or the like fordisplay).

The computing environment may also include one or more smart contactlesspayment cards 102 (e.g., smart contactless credit cards, debit cards,ATM cards). As shown in FIG. 2 , in some arrangements of the disclosure,a smart contactless card 102 may include magnetic stripe 201, one ormore processors 202, memory 204, a power module 206, a communicationinterface 208, a speaker 210, a photovoltaic 212, and a micro-embeddedeSIM 214. In an alternative embodiment, smart contactless payment card102 may include a battery or similar power sources. In an embodiment,eSIM 214 may be used to pair with other smart contactless payment cardsto form a card-pairing network to share information regarding suspiciouscard readers. The card-pairing network may also be connected with otherbackend networks associated with card alert computing platform 106.

In some arrangements a data bus may interconnect the one or moreprocessors, memory, and communication interface. The communicationinterface may be a chip (e.g., an EMV chip) configured to supportcommunication between smart contactless payment card and an interfacedevice (e.g., an EMV chip reader of a point-of-sale terminal orautomated teller machine). The chip may be configured to draw power(e.g., electrical current) from the interface device when connected tothe interface device. In some embodiments, the EMV chip may beconfigured according to ISO/IEC 7816 standard. In some otherembodiments, the EMV chip may include a contactless chip, such as acontactless chip configured according to ISO/IEC 14443 standard.

Memory may include one or more program modules having instructions thatwhen executed by processor cause the smart contactless card 102 toperform one or more functions described herein. In some instances, theone or more program modules may be stored by and/or maintained indifferent memory units of the smart contactless payment card. In someinstances, the one or more program modules may be instantiated in customchips or integrated circuits, such as a custom chip configured toperform set pre-programmed logic.

FIG. 2 illustrates a payment card interface device 224 that may beincluded in a point-of-sale terminal 110 and/or ATM 112. Payment cardinterface device 224 may accept a payment card 102 by inserting paymentcard 102 into a front slot 225 of payment card interface device 224. Ifthe payment card 102 has an embedded chip, payment card 102 may remainin the payment card interface device 224 until transaction completion.Upon insertion of payment card 102, a digital image of payment card 102may be captured by imaging sensor 226. Image sensor 226 may utilizevisible light or in other embodiments infrared, or ultravioletwavelengths. In some arrangements, the imaging sensor or sensors maycapture multispectral images. Filters may be applied to themultispectral images to separate different detected wavelengths.

In an aspect of the disclosure, multiple image sensors may be embeddedinto payment card interface device 224 so that digital images of bothsides of inserted payment cards may be captured. In additionalembodiments, image sensors such as image sensor 228 may be placed ondifferent internal and external surfaces of payment card interfacedevice 224 to capture images of smart contactless payment cards ormagnetic stripe payment cards. One skilled in the art will realize thatnumerous different designs of payment card interface devices exist andthat image sensor device placement may be different in each of thesedesigns in order to capture digital images of the utilized payment card.

FIG. 3 illustrates different exemplary payment card background designsin accordance with various aspects of the disclosure. In FIG. 3 ,payment cards 302, 304, and 306 each have different imprinted backgrounddesigns that distinguish each of payment cards 302, 304, 306. In anaspect of the disclosure, the particular issuers of payment cards 302,304, 306 have imprinted designs that distinguish their issued paymentcards from different payment card issuers. The different backgrounddesigns may include graphics, symbols, pictures, logos, colors or otherimage details that may be imprinted onto the physical payment card. Insome arrangements, a payment card issuer may include a QR code or otherinformation on a payment card that may not be decipherable or detectableto the human eye. Such information by be detected by various differentsensors using different visible or non-viable light spectrums. In anembodiment, payment cards may include a particular area on each paymentcard in which payment card issuers may insert additional uniqueinformation detectable only by sensors to assist in identifying theirpayment cards from other card issuers and assist in detecting clonedcards.

In addition, on some payment cards the issuer's logo or otheridentifiable information may be displayed on the payment card such as ina corner of the cards as shown at 308, 310, and 312. Moreover, thefinancial network the card belongs to may also be indicated on the faceof the card such as shown in the lower right hand corner of paymentcards 302, 304, and 306, as boxes 314, 316, and 318.

In an aspect of the disclosure, the captured images may be analyzed todetermine the bank identification number (bin) which includes the firstsix digits on a payment card. The bin may be used to identify theinstitution that has issued the payment card. In an embodiment, thedetermined bins may be used to determine from each issuer the universeof payment cards background designs that each institution uses for theirpayment cards.

In some embodiments, a customer may be able to design certain elementsof the background of a payment card in order to personalize theirpayment card. In an aspect of the disclosure, a payment card issuer hasapproved the text or image details imprinted on their issued paymentcard and can readily identify the issuer of the payment card based onthe background design.

In an aspect of the disclosure, when payment card 102 is inserted intopayment card interface device 224, imaging sensor 226 detects andcaptures at least one digital image of payment card 102. The captureddigital images may be used to analyze and characterize the insertedpayment card 102. For instance, captured digital images may be used todetermine if payment card 102 is an authentic payment card issued from alegitimate payment card issuer. The analysis of the captured images mayinclude rating the payment card for normal wear-and-tear anddiscoloration based on the age of payment card 102.

In an embodiment, the analysis of the payment card from the capturedimages may determine the amount of red, green and/or blue color used inthe overall payment card or in certain parts of the payment card. In anembodiment, the analysis detects or determines any unique features ofdifferent payment cards that may have been used by card issuers whendesigning their payment cards. These features may be used to detectlegitimate payment cards. In yet another embodiment, card alert platform106 may be used to compare the captured digital images and theinformation determined from the analysis to stored backgrounds forpayment cards issued by payment card issuers. If the background or otherfeatures determined in the captured digital images does not match storedimages of legitimate issued backgrounds and features from payment cardissuers, the financial transaction may be canceled.

In an aspect of the disclosure, each payment card issuer may formulatedifferent scenarios for determining and handling a detected clonedpayment card. For instance, upon determination of a cloned payment card,a payment card issuer may want to immediately terminate the transactionand have the point-of-sale terminal 110 and/or ATM 112 confiscate thepayment card if capable. For example, some ATM machines may be able toswallow a payment card based on detected fraudulent activity. In anotherembodiment, payment alert platform 106 may determine a characterizationscore for each inserted payment card. The characterization score mayrepresent whether the inserted payment card falls within an acceptableparameter range. The acceptable parameter range may be determined byeach payment card issuer and implemented by the system. The acceptableparameter range may be changed or updated by each payment card issuer toensure that the presented payment card is a close enough match to theissued card at time of issuance to prevent fraudulent activity. In anembodiment, the generated characterization score may be used by anissuer to determine whether a payment card transaction should beterminated. The generated characterization score which may adjusted bothup and down based on numerous factors may act as a fingerprintidentifying the particular payment card.

As an example, if a white blank payment card with a reprogrammedmagnetic stripe of another card is inserted into payment card interfacedevice 224, imaging sensor 226 may detect the lack of a background onthe inserted payment card. A comparison of the captured images by cardalert computing platform 106 to stored characterized data about theinserted payment at time of issuance may determine if the insertedpayment card is a cloned payment card. In an embodiment, a blank or anabsent of color payment card may automatically indicate that a clonedpayment card. In other embodiments, a series of white or blank cardsinserted back-to-back in the same payment card interface device 224 mayindicate fraudulent transactions, which may prompt denial oftransactions or at least potentially prolonging transaction times toalert interested parties to the potential fraudulent activities takingplace.

In an aspect of the disclosure, payment card interface device 224utilizing imaging sensor 226 may capture images of a payment card's EMVchip. In an embodiment, payment card issuers may track the differenttypes of EMV chips utilized in each of their different types of paymentcards. The captured images of a payment card's EMV chip may be comparedto stored information on the EMV chip embedded in payment card at cardissuance. For example, the captured images may be used to determine thetrace line patterns of the payment card's EMV chip for comparison to thestored information about the EMV chip at time of issuance. If the tracepatterns do match the stored information, the payment card interfacedevice 224 may flag the payment card as being a cloned card.

In another embodiment, a characterization score may be determined bycard alert platform 106 based on the captured images and additionalinformation that may be stored regarding the inserted card to determinethe characterization score for the inserted card. One skilled in the artwill realize that the determination steps performed by card alertplatform 106 may alternatively be performed by the point-of-saleterminal 110 and/or ATM 112 depending upon machine capabilities. In suchembodiments, the information may be transmitted from the point-of-saleterminal 110 and/or ATM 112 to the payment card issuer using an ISO-8583message for payment card processing.

In another aspect of the disclosure, a fraud incident database 402 maybe located in card alert platform 402. Alternately, the fraud incidentdatabase 402 may also be stored in the card interface device 224associated with the point-of-sale terminal 110 and/or ATM 112. The fraudincident database may store images of the captured data for paymentinterface device so as to compare the look or features of a payment cardover time. For instance, a payment card's background may slowlydeteriorate over time. The information may be used to assist withdetermining characterization of the payment card over time. Forinstance, the system may take into account payment card damage,scratches, discoloration, and normal wear-and-tear over a payment cardscirculation time.

In another aspect of the disclosure, payment card captured images may bestored in the fraud incident database 402 at various frequencies totrack the wear-and-tear of a payment card over time. These stored imagesmay be used to compare a payment card's recent transaction payment cardimages to assist in detecting cloned cards.

In an embodiment, determined or extracted data may be compared and/orcorrelated with existing data found in fraud incident database 402.Fraud incident database 402 may include determined or reported instancesof transaction fraud and associated locations and identification of cardreaders. In an embodiment, a fraud transaction history associated with aparticular card reader may be maintained and used to determine new orreoccurring instances of transaction fraud. In an embodiment, ifsuspicious behavior is detected numerous entities may be alerted.

In some embodiments, artificial intelligence or machine learning may beused to determine suspicious payment cards and/or suspicious paymentcard readers. In some instances, a Long Short-Term Memory (LSTM) neuralnetwork may be used to correlate image data with instances of fraud. Inother instances, deep scanning may be used to analyze relationshiphistory and frequency of transactions on particular card readers. Theuse of machine learning and the analysis of payment card digital imagesmay determine patterns of fraud occurring at particular payment cardreaders. In some embodiments, a vulnerability score may be determinedand updated on a specified frequency.

In an embodiment, data center 104 may be a distinct and physicallyseparate data center operated by and/or otherwise associated with anorganization, such as a first financial institution. Other data centersmay be operated at a different or second financial institution, whichmay wish to share data with the first financial institution regardingsuspicious contactless card reader via a secure API or other secureinterfaces to reduce incidents of fraud on both intuition's users.

FIG. 5 illustrates an exemplary method for detecting a suspiciouspayment card in accordance with one or more embodiments of thedisclosure. Referring to FIG. 5 , the process is initiated by bringingthe payment card 102 within range of the card reader or payment cardinterface device 224. In an embodiment, a user may be attempting topurchase an item or service using their payment card 102.

At step 502, payment card interface device 224 captures at least oneimage of the payment card. In steps 504 and 506, payment card interfacedevice 224 analyzes the at least one image and determines if the paymentcard 102 is suspicious before transaction authorization. In anembodiment, payment card interface device 224 captures images of thepayment card using optical sensors 226. If in step 508, payment card 102is determined to be suspicious then the transaction is blocked in step510 and alerts are transmitted in step 512.

If in step 508, the payment card 102 is not determined to be suspiciousthen the process continues with normal payment processing techniquesincluding card processing, card network processing, and transactioncompletion.

Aspects of the disclosure have been described in terms of illustrativeembodiments thereof. Numerous other embodiments, modifications, andvariations within the scope and spirit of the appended claims will occurto persons of ordinary skill in the art from a review of thisdisclosure. For example, one of ordinary skill in the art willappreciate that the steps illustrated in the illustrative figures may beperformed in other than the recited order, and that one or more stepsillustrated may be optional in accordance with aspects of thedisclosure.

What is claimed is:
 1. A payment device comprising: at least oneprocessor; and memory storing computer-readable instructions that, whenexecuted by the at least one processor, cause the payment device to:capture images of a payment card in contact with the payment device upontransaction initiation; analyze the captured images; determine asuspicious payment card based on at least the analyzed captured images;block transaction of the payment card with the payment device based onthe determination of the suspicious payment card; and transmit an alertindicating detection of the suspicious payment card.
 2. The paymentdevice of claim 1, wherein the computer-readable instructions, whenexecuted by the at least one processor, cause the payment device to:determine an issuer of the payment card based on analysis of thecaptured images; and compare at least one feature of the captured imagesof the payment card to background images of issued payment cards bydetermined issuer.
 3. The payment device of claim 1, wherein thecomputer-readable instructions, when executed by the at least oneprocessor, cause the payment device to: update a fraud incident databasewith identification of the determined suspicious payment card andassociated details of the blocked transaction.
 4. The payment device ofclaim 3, wherein the computer-readable instructions, when executed bythe at least one processor, cause the payment device to: correlate theblocked transaction of the payment card with information contained inthe fraud incident database; and determine additional suspiciousactivity based on the correlation of the blocked transaction of thepayment card with information contained in the fraud incident database,the determined suspicious activity associated with a point-of-saleterminal or an automated teller machine.
 5. The payment device of claim4, wherein a LSTM neural network correlates the blocked transaction ofthe payment card with information contained in the fraud incidentdatabase.
 6. The payment device of claim 5, wherein thecomputer-readable instructions, when executed by the at least oneprocessor, cause the payment device to: generate behavior patterns forthe point-of-sale terminal or the automated teller machine based oninformation included in the fraud incident database; and determineadditional suspicious payment card activity based on the generatedbehavior patterns for point-of-sale terminal or the automated tellermachine.
 7. The payment device of claim 1, wherein the captured imagesare multispectral images.
 8. The payment device of claim 1, wherein thecaptured images include visible light images and ultra-violet lightimages.
 9. The payment device of claim 1, wherein the computer-readableinstructions, when executed by the at least one processor, cause thepayment device to: generate a characterization score; and blocktransaction with the payment card based on the generatedcharacterization score being at a predetermined level.
 10. The paymentdevice of claim 9, wherein the computer-readable instructions, whenexecuted by the at least one processor, cause the smart contactless cardto: update the characterization score of the payment card based onpayment card activity.
 11. A method comprising: capturing images of apayment card in contact with a payment device upon transactioninitiation; analyzing the captured images; determining a suspiciouspayment card based on at least the analyzed captured images; blockingtransaction of the payment card with the payment device based on thedetermination of the suspicious payment card; and transmitting an alertindicating detection of the suspicious payment card.
 12. The method ofclaim 11, further comprising: determining an issuer of the payment cardbased on analysis of the captured images; and comparing at least onefeature of the captured images of the payment card to background imagesof issued payment cards by determined issuer.
 13. The method of claim11, further comprising updating a fraud incident database withidentification of the determined suspicious payment card and associateddetails of the blocked transaction.
 14. The method of claim 13, furthercomprising: correlating the blocked transaction of the payment card withinformation contained in the fraud incident database; and determiningadditional suspicious activity based on the correlation of the blockedtransaction of the payment card with information contained in the fraudincident database, the determined suspicious activity associated with apoint-of-sale terminal or an automated teller machine.
 15. The method ofclaim 14, further comprising correlating with a LSTM neural network theblocked transaction of the payment card with information contained inthe fraud incident database.
 16. The method of claim 11 furthercomprising: generating behavior patterns for the analyzed point-of-saleterminal or the automated teller machine; and determining additionalsuspicious payment card activity based on the generated behaviorpatterns for point-of-sale terminal or the automated teller machine. 17.A system comprising: a payment card; and a payment device comprising: atleast one processor; and memory storing executable instructions that,when executed by the at least one processor, cause the payment deviceto: scan the payment card using an optical sensor when the payment cardis inserted into the payment device; generate at least one scanned imageof the payment card; prior to initiating a transaction with the paymentcard, compare the at least one scanned image of the payment card tostored authenticated images of valid payment cards; determine asuspicious payment card based on the compared at least one scanned imageto the stored authenticated images of valid payment cards; blocktransaction of the payment card with the payment device based on thedetermination of a suspicious payment card; and transmit an alertindicating detection of the suspicious payment card.
 18. The system ofclaim 17, wherein the memory storing computer-readable instructionsthat, when executed by the at least one processor, cause the paymentdevice to: determine an issuer of the payment card based on analysis ofthe scanned images; and compare at least one feature of the scannedimages of the payment card to background images of issued payment cardsby determined issuer.
 19. The system of claim 18, wherein the at leastone scanned image includes a ultra-violet light image.
 20. The system ofclaim 17, wherein the memory storing computer-readable instructions,when executed by the at least one processor, cause the payment deviceto: update a fraud incident database with identification of thedetermined suspicious payment card and associated details of the blockedtransaction.